When will the wave of POS data breaches that have been rocking American retail recently end? Not today, as retail giant Home Depot announced that they appear to have joined the parade of high profile victims of hackers. According to some reports, the Home Depot data breach could involve a massive compromise of cardholder data.
In a message addressed to its customers, posted on their corporate web site, the company said “We’re looking into some unusual activity that might indicate a possible payment data breach and we’re working with our banking partners and law enforcement to investigate”.
They also assured their customers that they will not be responsible for any fraudulent charges. “The financial institution that issued your card or Home Depot are responsible for those charges should we confirm a breach.”
The announcement came less than a day after the story was broken on the krebsonsecurity.com blog. Krebs wrote that his sources believe that Home Depot may the source of a “massive” amount of stolen credit and debit cards being offered for sale by cybercriminals. Data breaches are frequently discovered only by third parties, in this case banks investigating unusual account activity.
Krebs also states that this breach may involve the same Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty, P.F. Chang’s and many others.
If so, it means that the Home Depot breach may not be directly related to a string of high profile POS data breaches related to the Backoff POS malware, which had prompted a Homeland Security Warning on July 31st. The US Secret Service has reported that over 1,000 organizations have been victimized by Backoff, including the UPS Stores, Dairy Queen and 2 of the largest owners of supermarkets in the country.